Subscribe to our Threatpost Today newsletter

Join thousands of people who receive the latest breaking cybersecurity news every day.

The administrator of your personal data will be Threatpost, Inc., 500 Unicorn Park, Woburn, MA 01801. Detailed information on the processing of personal data can be found in the privacy policy. In addition, you will find them in the message confirming the subscription to the newsletter.

*

*

I agree to my personal data being stored and used to receive the newsletter

*

I agree to accept information and occasional commercial offers from Threatpost partners

The administrator of your personal data will be Threatpost, Inc., 500 Unicorn Park, Woburn, MA 01801. Detailed information on the processing of personal data can be found in the privacy policy. In addition, you will find them in the message confirming the subscription to the newsletter.

Mozilla Announces Firefox Monitor Tool Testing, Firefox 61

Mozilla is testing a new tool that securely checks to see if users’ accounts have been hacked.

Mozilla has made some sweeping security announcements this week: On Monday, the company announced it is testing a new security tool called Firefox Monitor, which the firm said securely checks to see if users’ accounts have been hacked. That news came just as the browser giant released Firefox 61 for Windows, Mac, Linux and Android.

The testing of Firefox Monitor also comes on the heels of Mozilla’s partnership with Cloudflare and Have I Been Pwned (HIBP).

Similar to the existing function of HIBP, founded by security researcher Troy Hunt, Firefox Monitor allows users to enter their email addresses to check if they’re part of hacker databases that have been publicly released.

“In order to help keep personal information and accounts safe, we will be testing user interest in a security tool that lets users check if one of their accounts has been compromised in a data breach,” Peter Dolanjski, product manager for Firefox, said in a post. “We decided to address a growing need for account security by developing Firefox Monitor, a proposed security tool that is designed for everyone, but offers additional features for Firefox users.”

Firefox Monitor users can see the details on sites and other sources of breaches and the types of personal data exposed in each breach, and receive recommendations on what to do in the case of a data breach.

Mozilla said it is also considering a service to notify people when new breaches include their personal data.

“This is major, because Firefox has an install base of hundreds of millions of people which significantly expands the audience that can be reached once this feature rolls out to the mainstream,” Hunt said in a blog post. “I’m really happy to see Firefox integrating with HIBP in this fashion, not just to get it in front of as many people as possible, but because I have a great deal of respect for their contributions to the technology community.”

At a technical level, the Firefox Monitor service will use anonymized range query API endpoints from HIBP – allowing users to preserve their privacy while they check for compromised accounts. These API endpoints were designed and implemented by Cloudflare as an additional layer of security for those consuming the API that is visible to the end users.

“This contribution allows for Pwned Passwords clients to use range queries to search for breached passwords, without having to disclose a complete unsalted password hash to the service,” said Cloudflare’s Junade Ali, in a post.

Mozilla said currently it is testing initial designs of the Firefox Monitor tool – but beginning next week, the company will invite approximately 250,000 users, mainly U.S.-based, to try it out.

“Once we’re satisfied with user testing, we will work on making the service available to all Firefox users,” said Dolanjski in the post. “Once a release schedule has been established, it will be announced in a follow-up blog post.”

Firefox 61 Launch

Mozilla on Tuesday also released Firefox 61 for Windows, Mac, Linux and Android, with new security features.

Most notably, the new Firefox version will block sub-resource loads that rely on the insecure File Transfer Protocol (FTP), unless the document itself is an FTP document.

“The fundamental underlying problem with FTP is that any data transferred will be unencrypted and hence sent across networks in plain text, allowing attackers to steal, spoof and even modify the data transmitted,” said Christoph Kerschbaumer, content security tech lead at Mozilla in a post.

“Following through to our intent to deprecate non-secure HTTP and aligning with Mozilla’s effort to improve adoption of HTTPS Firefox will block subresource loads, like images, scripts and iframes, relying on the insecure FTP protocol,” he continued.

The new version of Firefox also offers default support for the latest draft of the Transport Layer Security specification.

The new version will support TLS 1.3, which succeeds the Secure Socks Layer (SSL) protocol as the new standard for enabling two networked applications or devices to exchange information privately. It was first drafted more than four years ago, in April 2014, by the Internet Engineering Task Force.

Authors

Threatpost

InfoSec Insider Post

InfoSec Insider content is written by a trusted community of Threatpost cybersecurity subject matter experts. Each contribution has a goal of bringing a unique voice to important cybersecurity topics. Content strives to be of the highest quality, objective and non-commercial.

Sponsored

Sponsored Post

Sponsored Content is paid for by an advertiser. Sponsored content is written and edited by members of our sponsor community. This content creates an opportunity for a sponsor to provide insight and commentary from their point-of-view directly to the Threatpost audience. The Threatpost editorial team does not participate in the writing or editing of Sponsored Content.